I dare to comment on everything - as I agree to much of it, but would like to
point out few bits...
} Helpful extra: make available communications services which incorporate
} the said standards and which can be bought by A or B.
}
} Another helpful extra: use the communication infrastructure to also offer
} web stuff.
That's exactly the right point - the right solution is not only to make the
NHSNet internally compatible, but preferably also to use open standards - to
avoid overwhelming costs in future. The current development is clear - it's the
Internet which will drive it! Locking yourself with an "obsolete" communication
platform is not a wise solution.
} 2. Security and confidentiality related to communication is a worry.
} Well, it's now being addressed. Leaving the major threat: dodgy practice
} internal to each organisation.
Privacy/confidentiality would be one thing, though essential, but safety and
medico-legal issues are driving it anyway. If you start building the trust
structure of your `secure' communication the wrong way, you might end up having
a nicely locked house with all the bullet-proof equip., but might be not the
only one having the duplicable keys to it. Working along a centralised trust
structure as seems the current `flavour of the day' makes any idea of even some
self-regulation of practitioners, privacy of information between doctor and the
patient, and also non-repudiation of actions and authentication of
information/source in a very shaken position, to be optimistic. Not speaking
about professional bodies like GMC or UKCC losing any influence and control
over future developments...
Moreover, being able to authenticate information sources, then add ways to
enforce accountability (audit, etc.) and you can point who-did-what within your
domain-practice - then it's up to the administrative solution. The problem of
the whole currnet concept of the NHSnet security is, that you'll waste money to
ensure information against lower-level hackers, while anyone with sufficient
resources can breach the `suggested' level of confidentiality, but - what's
worse - hardly any contermeasures against threats of the internal breaches
within the system.
} 5. The NHSweb, being an intrAnet ring-fenceded by firewalls, is the
} wrong approach. How else to safely get helpful web page stuff to the
} clinical coalface?
Once you have the basic trust structure and can actually rely on it, then
using network like Internet with proxy-like solutions, digital signatures
and encryption where necessary would seem the way I'd try to go. The costs
saving when buying equipment developed for millions for an obsolete and
almost-proprietary solution (to save investments of BT :-) ) would not be
choice of mine.
} PS I don't work for IMG and can't therefore speak for them. Scotland
:-) Neither do I - but enjoy to see the "work" ;-)
--
Vashek Matyas <[log in to unmask]>
Computer Laboratory, New Museums Site, Pembroke Street, Cambridge, CB2 3QG, UK.
Tel: +44 (0)1223 33 46 76 - Fax: +44 (0)1223 33 46 78
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
|
